IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Testimony by

 

BOB KRUGER

 

VICE PRESIDENT FOR ENFORCEMENT

before the

 

HOUSE JUDICIARY CRIME SUBCOMMITTEE

 

on

 

CYBERCRIME

 

Washington, DC

June 14, 2001

 

Good morning, my name is Bob Kruger.  I am Vice-President for Enforcement for the Business Software Alliance, an association of leading software and e-commerce companies .  I thank the Committee for the opportunity to testify about a matter of great concern to the software industry. BSA=s members create approximately 90% of the office productivity software in use in the U.S. and around the world. I would like to give the Subcommittee some background on the state of software piracy today, what the industry is doing to protect itself and the critical role that law enforcement must play.  Congressional attention to the piracy problem has been invaluable in meeting the serious challenges faced by copyright owners in the past and will be needed to ensure that creators of IP can continue to make important contributions to the economy in the future. 

 

MY BACKGROUND

I have been BSA=s Vice-President for Enforcement for eight years. Prior to my joining the Business Software Alliance, I served as a federal prosecutor in the U.S. Attorney=s Office in the District of Columbia and before that as Associate Counsel to President Reagan. During my tenure at the Business Software Alliance, I have learned firsthand how pervasive, multi-faceted, and resistant the software piracy problem is and what a devastating impact it has on software developers. 

 

THE PROBLEM

BSA was formed by leading software companies to combat a major threat to their markets, domestic and overseas, and to their ability to continue to create new programs.  That threat is piracy.  Software publishers occupy something of unique position when it comes to digital piracy.  It has always been possible to reproduce and distribute perfect copies of software programs because from its creation software is available only in digital form. 

 

A look at software piracy statistics provides insight into the scope and severity of the problem. Every year the International Planning and Research Corporation undertakes an international survey of the level of software piracy on a country-by-country basis along with its economic impact.  Last month, BSA released the survey for the year 2000. On a worldwide basis, the survey found that the piracy rate averaged 37% resulting in revenue losses of $11.75 billion dollars. In a few countries, the piracy rate exceeded 90%.  In the US, the piracy rate for 2000 was 24% with a revenue loss of $2.6 billion. These numbers are very high, but they actually represent an improvement from the 1994 statistics when the international piracy rate was 49% -- meaning that half of the world=s software was pirated. Unfortunately, after several years of decreasing software piracy rates worldwide since 1994, we=ve witnessed a slight increase from 1999 to 2000. Several factors were responsible for this increase, notably the growth in the total software market in developing nations where the software piracy rate far exceeds the world average. The market growth in these nations was not offset enough by market growth in more established nations with lower piracy rates.

 

The statistics collected in this study reflect the real financial harm piracy inflicts on American software companies.  Publishers invest hundreds of millions of dollars every year and immeasurable amounts of creativity in designing, encoding and bringing new products to market.  They depend upon the revenue they receive from those products to obtain a return on their investment and to fund the development of new products. The impact of software piracy extends beyond the lost sales. Piracy results in thousands of lost jobs and millions of dollars in lost wages and tax revenue. 

 

For years, software piracy has generally been practiced on a limited, if not small, scale.  Its scope and its reach were constrained by such factors as time, physical space, geography and production and distribution costs.  It is now possible to see that period in time as Athe good old days.@  Four trends explain this change:

-- The online market is exponentially larger than traditional retail markets for pirated products.

--Technology can result in the creation of better software tool for consumers; misuse of that technology also makes the theft of intellectual property much easier and faster to accomplish

-- It=s harder to catch and take action against perpetrators who operate on the Internet

-- Software theft has become an attractive enterprise for organized crime

 

First, the Internet has exponentially expanded the market for pirated software.  Contrast, the number of people who can crowd around a card table at a flea market with the number that can simultaneously access and download software from a pirate website.  Instead of pirated copies being sold one at a time, millions of pirated copies can be downloaded every day. Geography no longer matters.  A pirate can sell and transfer stolen intellectual property to someone located here in Washington, DC, just as easily as he or she can sell and transfer it to someone in Australia.

 

Second, the Internet has also made locating and obtaining pirated software much easier. Consumers in every city can use the phone book to find legitimate software vendors who have a real, physical location. There is, however, no phone book or other tool to locate software pirates who operate from real, physical locations. But computer users can easily employ an Internet search engine to find both legitimate and illegitimate sellers of software. Or consumers can visit popular auction sites and what appear to be legitimate websites to find pirated or counterfeit products that often purport to be genuine. From the buyer=s perspective, the Internet also significantly lowers the stigma of knowingly purchasing stolen goods by allowing the transaction to occur in the comfort of one=s house or workplace. Advances in bandwidth and compression technology enable downloading to occur in a fraction of the time previously required.

 

Third, the ability of Internet pirates to hide their identities on the Internet or operate from remote jurisdictions makes it that much more difficult for rights holders to take responsive action or hold them accountable. Once BSA=s investigators identify where pirated software being distributed online, they can have a much harder time finding the responsible party than in the offline world. We do not have, nor would we want, surveillance capability and our ability to establish the true identity of website owners, spammers, vendors can be limited by their efforts to avoid detection and legitimate privacy concerns. Intellectual property owners can and do use online tools. For example, the Whois database lists the registered owner of a website, although the information is sometimes false or out of date. False Whois contact information may be an issue that this Committee wishes to look into further.

 

Let me give you an example of how complicated an Internet investigation can be - a software pirate who lives in Canada can advertise his stolen products on a website hosted by a Chilean Internet Service Provider that lists an email address in India as the point of contact. After an email from the seller directing the purchaser to wire money to a bank account in Japan, the pirate then tells the purchaser via an anonymous email account to go to a website in Mexico to download the software. In order to build a successful case, BSA must work with authorities in each of the countries even though none of the illegal activity occurred in the pirates =s home country of Canada.  Obviously, this complicated scenario is fortunately uncommon, but it does show the complexity of what we can and do face on a daily basis.

 

Finally, the presence of very large amounts of high quality counterfeit software in the market continues to pose a serious problem for BSA=s members.  During the past 12-18 months, we have seen a dramatic increase in the amount of high quality counterfeit software imported into the U.S. from overseas, especially from Asia.  Moreover, international counterfeiting rings have become even more sophisticated in their methods of producing Alook alike@ software and components.  For example, recent raids in Hong Kong uncovered evidence of sophisticated research and development laboratories where counterfeiters reverse-engineered the security features of at least one member company=s software media.  Not surprisingly, investigations in Asia, Europe, and Latin America have revealed the involvement of serious criminal organizations in the manufacture and distribution of high quality counterfeit software.  Compared to loan sharking, bank robbery, and protection rackets, software piracy is an easy, rarely prosecuted crime. Finally, the Internet has transformed the business of distributing counterfeit software, making possible for major exporters in Asia and elsewhere to sell directly to corrupt resellers anywhere in the world.  One recent example demonstrates the potential of this distribution method to cause serious harm to U.S. software publishers:  during a period of only three months, a small reseller operating out of trailer in Flugerville, Texas, imported over 47,000 counterfeit copies of Microsoft7 Office and Windows7 programs, with an estimated value of $13 million.

 

HOW DOES SOFTWARE THEFT OCCUR ON THE INTERNET?

There are two primary means of software theft that occurs on the Internet: retail piracy and downloading.  Retail piracy includes of auction and mail order websites along with email spam advertising pirated programs. Basically, the card table vendors have migrated online.  As I noted earlier in my testimony, they can reach an international marketplace 24x7.  By making their wares  available on legitimate commercial sites such as auction sites, pirates acquire  a patina of legitimacy.   

 

Downloading theft occurs on a wide range of sites and locations where users can download unauthorized copies of copyrighted software programs, e.g, web sites, IRC channels, newsgroups, and peer-to-peer systems like Gnutella.  The persons who are making these programs available are essentially throwing a brick through the storefront window and inviting others around the world to loot at their leisure. Clearly, this conduct is not tolerated in the bricks and mortar world and it should not be tolerated online.

 

WHAT THE INDUSTRY IS DOING TO PROTECT ITSELF

The members of the Business Software Alliance are in the business of developing popular software programs, not enforcing their intellectual property rights.  I know for a fact that they would rather spend the money they pay me to hire another programmer.  It is, therefore, a testament to the impact piracy is having on their businesses that they devote considerable financial and human resources to copyright education and awareness campaigns, policy initiatives, and enforcement actions.

 

The Business Software Alliance does not solely take a reactive response to software piracy. Indeed, BSA=s worldwide piracy campaigns emphasize education, awareness and compliance over enforcement.  Our website offers tools for end-users to determine if their installed software base contains an appropriate number of licenses. Other public awareness projects are also listed on our website. Even our enforcement efforts are undertaken with an eye towards sending the message as widely as possible that it is more expensive to violate copyright laws than to comply with them in the first place. 

 

As an example, let me describe just some of what BSA and its members are doing to protect themselves against piracy in its modern form:

-- Notice and takedown programs:  BSA maintains a team of investigators in the U.S. and in Europe with additional coverage in Latin America and Asia.  We constantly receive referrals from our members, complaints from consumers, and identify infringing activity through proactive investigation.  Thousands of notices to ISPs, auction sites, redirect services and others have been sent this year alone.  In the United States BSA and other intellectual property owners use the Digital Millennium Copyright Act (DMCA) passed in 1998 to shut down US based websites that contain stolen software.

 

-- Civil litigation:  BSA=s members have filed suit against dozens of individuals offering pirated software for free download on an Internet relay chat channel that caters to cable-modem users.  In November, BSA filed suit against thirteen vendors who offered pirated software for sale on popular Internet auction sites.  To give you some idea of how brazen some of these software pirates can be, at least four of those thirteen vendors continue to sell pirated software even after being sued.

 

-- Model business practices for auction sites and ISPs:  Software publishers seek the cooperation and engagement of other Internet entities in protecting intellectual property and reducing the incidence of piracy.  BSA has, for example, developed model business practices for Internet service providers and for auction sites.  We have already received the public support of Amazon.com for the auction site practices and are working with other sites to gain their support.

 

-- Companies are exploring technological solutions that balance interest in intellectual property protection and legitimate needs of users. Experience indicates, however, that there is no silver bullet technological solution to what is, at bottom, an ethical problem.

 

THE NEED FOR FEDERAL LAW ENFORCEMENT OF U.S. COPYRIGHT LAW

Notwithstanding all of BSA efforts in this area, there is a critical need for engagement by federal law enforcement authorities in combating this problem.  And thanks to Congressional attention, the tools needed for effective investigation and prosecutions already exist.   I commend the members of this Committee for passage of the No Electronic Theft (NET) Act in 1998 and for its leadership in securing enhancements to the federal sentencing guidelines for intellectual property crime. 

 

There are several reasons why federal law enforcement is a critical component of an effective approach to combating piracy:

We are now in a period of tremendous opportunity.  Attitudes and behaviors are still forming over respect for intellectual property online.  Congress has spoken in the form of strong laws against piracy, but Congress= voice can only be heard if law enforcement plays its role and prosecutes those laws.

Only criminal prosecution and penalties can provide effective deterrence.  The threat of a civil judgment is insufficient to deter pirates, many of whom already operate on the margins of society.  Pirates need to understand that breaking the law could force them to surrender something more precious - their liberty.

Law enforcement brings superior investigative capabilities that private industry does not have access to such as search warrants.

 

Software publishers are used to operating in Internet time in which taking years to ramp up or respond can be fatal to a company=s bottom line.  That is why we have been frustrated in the past by the length of time it has taken to see some meaningful progress in the number of intellectual property cases prosecuted.   We are encouraged though by recent indications that intellectual property cases are receiving a higher priority. Ten software piracy cases have been reported on the Department of Justice Computer Crimes and Intellectual Property Section=s website this year.  While hardly a torrent of activity, that number compares quite favorably to the two such cases announced last year and the one in 1999.

 

Prosecutions under the NET Act are one indicator of DOJ=s willingness to combat Internet piracy.   We are encouraged, therefore, by the fact that just last month, the U.S. Attorney=s Office in Chicago secured a the first conviction by jury trial of a defendant prosecuted under the NET Act.  The defendant was a member of the notorious  APirates With Attitude@ software ring. Although there had been previous pleas under the NET Act, a conviction after trial is the truest validation of whether a new criminal statute operates as intended and can serve as an effective prohibition and deterrent.  And while there have been other prosecutions of Internet piracy, nothing demonstrates law enforcement's commitment better than taking a case through trial.  Finally, a guilty verdict embodies more than legislative or prosecutorial condemnation of particular conduct -- it reflects, in the purest sense, a popular judgment that Internet piracy is and should be a criminal offense.  In short, the people have now spoken.  For pirates out there who were hoping that they would be let off the hook by a jury of their peers, this has to be a major disappointment. To underscore the jury=s feelings of the strong case against the defendant, I would point out that the jury deliberated for only 30 minutes before rendering their guilty verdict.

 

BSA also applauds the recent efforts by federal law enforcement agencies, particularly the U.S. Customs Service, to devote more resources to fighting counterfeiting.  We are aware of international investigations currently being pursued by Customs and several U.S. Attorneys involving the importation of hundreds of thousands of counterfeit CDs.  The aggressive pursuit of the organized criminal rings involved in these cases stands out, and is extremely important to our members.  At the same time, however, the overall federal law enforcement resources devoted to anti-counterfeiting efforts is still quite inadequate.  We are aware of more than a few cases where raids have been delayed or not pursued at all because of the lack of prosecutorial or agent resources.  In addition, lack of prosecutorial interest in pursuing these cases continues to pose a serious obstacle to effective enforcement in some jurisdictions.

 

There is still work to be done in new areas of software theft.  Coordinated action against mail order piracy is necessary to end the consumer fraud and the crime against the rights holder that occurs when an auction site is used to sell pirated or counterfeit software to sometimes unsuspecting buyers. We also need assistance in engaging law enforcement overseas.

 

OTHER ACTIONS THE FEDERAL GOVERNMENT CAN TAKE TO FIGHT SOFTWARE PIRACY

The message also needs to be sent to our nation=s youth that stealing something on the Internet is no different than walking into a department store and stealing a sweater or videocassette. To that end, the Hamilton Fish Institute on School and Community Violence at George Washington University and BSA recently obtained a grant from the Department of Justice for the ACrime Prevention and Educational Programs for Intellectual Property Theft and Cyber Crime" project.  This project will better define the scope and nature of electronic crime and will identify effective education strategies to raise public awareness about cyber crime.  Part of this effort will be to create public service announcements that reach out to American youth with the message that piracy is wrong.

 

THE ROLE OF CONGRESS

Your continued oversight of DOJ is necessary to ensure that software piracy prosecutions are a serious threat and therefore deterrent to those who would plunder the results of someone else=s hardwork, investment and creativity.   Last week, Attorney General Ashcroft testified before the full Judiciary Committee that

AI can say to you that we take very seriously piracy and theft and the invasion of privacy and a whole variety of issues that are related to the advent of the capacity of individuals to utilize the computer both in the industry and personally.  And given the fact that much of America's strength and the world economy is a result of our being the developer and promoter of most of the valuable software, we cannot allow the assets that are held electronically to be pirated or infringed, and so we will make cyber crime issues a priority and additional resources have been requested in next year's budget for that and that's not just in this Administration's submission regards to the FBI budget@

 

Actions that back up statements like this are the only way that software pirates can be stopped either directly by cases brought against them or by receiving the message that software theft is not an easy crime. In FY2000 Congress approved dedicated appropriations for fighting cybercrime. Continued efforts such as this will ensure that DOJ investigators and prosecutors will have the necessary resources to bring these cases.

 

CONCLUSION

I would like to thank the Subcommittee again for the opportunity to testify today. Only through a combined effort of by intellectual property owners, educators, policymakers and the law enforcement community will the scourge of software piracy be reduced. I would be happy to answer any questions this Committee may have.